Facing any SSL related error on your Apache server? We bring you the fixes
When it comes to Apache or any other server for that matter, it’s pretty common to come across SSL related errors. As good as SSL certificates are at what they do, there are no escaping SSL errors. If you have an SSL certificate, you will face errors – it’s as simple as that.
This doesn’t mean that you have to sit in front of your PC and wait for these errors to disappear magically though. You can fix them by yourself – with a little bit of our help.
Based on the experiences of our customers, we’ve compiled a list of most commonly faced errors. Just click on the error that you’re facing, and you’ll have the solution right in the middle of your screen.
- Fix Unable to configure RSA server private key Error and Fix certificate routines:X509_check_private_key:key values mismatch
- Fix Error:0D0680A8 : asn1 encoding routines: ASN1_CHECK_TLEN: wrong tag
- Fix Page not displayed through Apache Error
- Fix Apache Invalid command ‘SSLEngine’ Error
- Fix Apache ssl_error_rx_record_too_long Error
Fix “Unable to configure RSA server private key” Error and Fix “certificate routines:X509_check_private_key:key values mismatch”
If you’re seeing the “Unable to configure RSA server private key” error, it’s highly likely that your private key, which is in the VirtualHost section, doesn’t match with the SSL certificate. That’s why you’ll need to verify if you’re selecting the right key or right cert. You can do that by running below OpenSSL commands:
openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5
openssl rsa -noout -modulus -in your_domain_com.key | openssl md5
If they don’t match, you must find the private key that matches with your certificate and update VirtualHost to match it. If this doesn’t work, you’ll need to reissue your SSL certificate as the last resort.
Fix “Error:0D0680A8 : asn1 encoding routines: ASN1_CHECK_TLEN: wrong tag”
Most of the time, this error is seen if there have been some modifications to your certificate file. Make sure that it starts with —–BEGIN CERTIFICATE—– and ends with —–END CERTIFICATE—–. Also, make sure that you haven’t left any spaces in it.
Fix “Page not displayed through Apache” Error
Commonly, the “Page not displayed through Apache” is seen due to HTTP/1.1. To circumvent this error, you must disable HTTP/1.1 in Apache+mod_ssl+OpenSSL. To do so, you must enter the following directive:
SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
Fix Apache “Invalid command ‘SSLEngine'” Error
Apache needs a module named mod_ssl in order to make SSL connections. If it isn’t installed, you could face “Invalid command ‘SSLEngine'” error. Needless to say, there’s only one way to alleviate your pain, and that is enabling the module. To enable it, you must run a command based on your system.
Enable on CentOS/RedHat Linux:
sudo yum install mod_ssl
Enable on Debian-based distro:
Fix Apache “ssl_error_rx_record_too_long” Error
Mostly the “ssl_error_rx_record_too_long” is encountered in the Firefox browser due to improper SSL traffic setup. Here are the fixes that should eliminate this error:
- As we know, port 443 is used for HTTPS traffic. If the server isn’t configured to listen to the SSL traffic, you must make it listen. To do so, you must add the line below before the <VirtualHost> block gets loaded.
On IPv6, you’ll also need to include the IP Address.
- If you’re on a Windows system, check if the host file on Windows server is set up appropriately. You might want to do it by changing VirtualHost your.domain.com:443 to VirtualHost _default_:443.
- Many times, the cause behind “ssl_error_rx_record_too_long” error is unsuccessful loading of httpd.conf even if the file /conf/extra/httpd-ssl.conf was configured properly. You’ll need to uncomment the line below to fix it and then restart Apache.
- Another possible reason behind this might be having a misconfigured proxy. To detect if you have it, you should try opening your site from other networks. If you don’t see the error anymore, the proxy was probably the reason behind it.
We hope this fixes helped you eliminate SSL error in Apache and helped you establish a smooth HTTPS connection.
- Tips to Install SSL Certificate on Apache
- Move an SSL from one Apache Server to another one
- Google Chrome SSL Certificate Error and Troubleshoot Guide
- SSL tools for the SSL Reconfiguration process
All your Apache Server Error will be vanished by the above guide if your website is secured with a trusted SSL Certificate.